Embodiment
Hereinafter will and combine embodiment to specify the present invention with reference to accompanying drawing.Need to prove that under the situation of not conflicting, embodiment and the characteristic among the embodiment among the application can make up each other.
Embodiment 1
The invention provides a kind of method of controlling security of preferred portable terminal, as shown in Figure 1, the method for controlling security of this portable terminal comprises:
S102 when monitoring application using system authority, obtains affiliated reliability rating of said application and the tabulation of the control authority under the said reliability rating, wherein, has write down the authority of required control under the said reliability rating in the said control authority tabulation.
S104 judges whether said System Privileges is the authority in the control authority tabulation.
S106 if said System Privileges is not the authority in the said control authority tabulation, then allows said application to use said System Privileges.
In the above-described embodiments; When monitoring application using system authority; Through division and the control authority tabulation of application being carried out reliability rating; Can realize judging whether to allow this should be used for using the said system authority according to the authority of reliability rating of using and the control of pairing needs; Avoided application can obtain the responsive authority on the mobile device like this, solved the technical problem that can't guarantee the portable terminal safe operation in the prior art, reached the technique effect of the security control ability that has strengthened mobile terminal system through simple statement.
In a preferred embodiment of the present invention; When the system boot initialization; In the system directory of appointment, load the control strategy configuration file that presets; Through the control strategy configuration file being resolved the control authority tabulation that obtains under each reliability rating, and with the control authority list records under each reliability rating in internal storage data.Certainly; Above-mentioned is a kind of example of the present invention in the above-mentioned load operation of system boot initialization execution, and the present invention is not limited only to this, can also carry out above-mentioned load operation constantly at other; Carry out above-mentioned load operation when for example, each application being scanned.In above-mentioned preferred embodiment; With the control authority list storage under each reliability rating in internal storage data; Advantage realizes control authority tabulation ground fast reading and writing can to utilize internal storage data to read and write apace, thereby has improved the execution speed of the method for controlling security of the portable terminal that the present invention protected.
In another preferred embodiment of the present invention, a kind of splitting scheme of reliability rating is provided.Particularly; On the basis of above-mentioned each preferred embodiment; The method of controlling security of portable terminal also comprises: before the reliability rating and the tabulation of the control authority under the said reliability rating that obtain under the said application; When system carries out application scanning or installation application, obtain the signing messages of application; The digital certificate that using system presets carries out authentication to said signing messages, if authentication is passed through, then the reliability rating of said application is set to the reliability rating corresponding with said digital certificate; If authentification failure, then the reliability rating of said application is set to trustless grade.Preferably, corresponding with said digital certificate reliability rating can include but not limited to: " manufacturer's reliability rating ", " operator's reliability rating ", " third party's cooperation manufacturer reliability rating " etc.In the above-described embodiments; Through the signing messages of application and the digital certificate of system intialization are divided the reliability rating under using; Like this; Reliability rating under using can be complementary with the digital certificate of system, thereby can realize exactly the fail safe of system has been controlled in the division of the reliability rating of using effectively.
In another preferred embodiment of the present invention, when judging whether System Privileges is the authority in the control authority tabulation,, then need further judge whether to exist the applying control strategy that is used for System Privileges if System Privileges is the authority in the control authority tabulation.If there is the applying control strategy that is used for System Privileges, then judge whether to allow to use the using system authority according to applying control strategy.If there is not the applying control strategy that is used for System Privileges, then receive the applying control strategy of user's input, the applying control strategy of importing according to said user judges whether to allow said application to use said System Privileges.In above-mentioned preferred embodiment; When existence is used for the applying control strategy of System Privileges; Use existing applying control strategy to judge whether to allow to use the using system authority; And do not need to obtain new applying control strategy alternately with the user extraly, saved operating process, improved the efficient that method of controlling security is carried out; In addition, when not having the applying control strategy that is used for System Privileges, select current applying control strategy, increased the flexibility of security control through the user.
Preferably, the said user authority of carrying out select including, but not limited to: allow, refusal.On the basis of the foregoing description, after the applying control strategy that receives user's input, the result that said user is selected for this authority is converted into the applying control strategy that is used for said System Privileges, and in system log (SYSLOG), preserves applying control strategy.
In another preferred embodiment of the present invention, said authority comprise following one of at least: type authority of paying, individual privacy information class authority, equipment connect a type authority.In this preferred embodiment, through qualification to authority, can be so that the method for controlling security that the present invention protected goes for different scene.
The enforcement of above-mentioned each optimal technical scheme; Can effectively carry out classification based on reliability rating to the application on the portable terminal; And come using and managing of control authority according to the classification of reliability rating; Customizable that realization is controlled the authority on the portable terminal and dynamic adjustment are effectively managed control to the security threat behavior that the application on the portable terminal possibly exist, and guarantee the fail safe of portable terminal.
Embodiment 2
The invention provides a kind of safety control of preferred portable terminal; As shown in Figure 2; The safety control of this portable terminal comprises: first acquiring unit 202 is used for when monitoring application using system authority, obtaining affiliated reliability rating of said application and the tabulation of the control authority under the said reliability rating; Wherein, write down the authority of required control under the said reliability rating in the said control authority tabulation; Judging unit 204 is used for judging whether said System Privileges is the authority of control authority tabulation; Processing unit 206 is used for when said System Privileges is not the authority of said control authority tabulation, allowing said application to use said System Privileges.
In the foregoing description; When monitoring application using system authority; Through division and the control authority tabulation of application being carried out reliability rating; Can realize judging whether to allow this should be used for using the said system authority according to the authority of reliability rating of using and the control of pairing needs; Avoided application can obtain the responsive authority on the mobile device like this, solved the technical problem that can't guarantee the portable terminal safe operation in the prior art, reached the technique effect of the security control ability that has strengthened mobile terminal system through simple statement.
In a preferred embodiment of the present invention, concrete, as shown in Figure 3, the safety control of said portable terminal also comprises: loading unit 308, resolution unit 310 and record cell 312.When the system boot initialization; Loading unit 308 loads the control strategy configuration file that presets at the system directory of appointment; 310 pairs of said control strategy configuration files of resolution unit are resolved the control authority tabulation that obtains under each reliability rating, record cell 312 with the control authority list records under said each reliability rating in internal storage data.Certainly; It is a kind of example of the present invention that above-mentioned loading unit 308 is carried out above-mentioned load operation in the system boot initialization, and the present invention is not limited only to this, can also carry out above-mentioned load operation constantly at other; Carry out above-mentioned load operation when for example, each application being scanned.In above-mentioned preferred embodiment; With the control authority list storage under each reliability rating in internal storage data; Advantage realizes control authority tabulation ground fast reading and writing can to utilize internal storage data to read and write apace, thereby has improved the execution speed of the method for controlling security of the portable terminal that the present invention protected.
In another preferred embodiment of the present invention, a kind of splitting scheme of reliability rating is provided.As shown in Figure 3; Particularly; On the basis of above-mentioned each preferred embodiment, the safety control of portable terminal also comprises: second acquisition unit 314 was used for before the reliability rating and the tabulation of the control authority under the said reliability rating that obtain under the said application; When carrying out application scanning or said application is installed, obtain the signing messages of said application; Authentication ' unit 316 is used for the digital certificate that using system presets said signing messages is carried out authentication; Unit 318 is set, is used for when authentication is passed through, the reliability rating of said application is set to the reliability rating corresponding with said digital certificate, and when authentification failure, the reliability rating of said application is set to trustless grade.Preferably, corresponding with said digital certificate reliability rating can include but not limited to: " manufacturer's reliability rating ", " operator's reliability rating ", " third party's cooperation manufacturer reliability rating " etc.In the above-described embodiments; Through the signing messages of application and the digital certificate of system intialization are divided the reliability rating under using; Like this; Reliability rating under using can be complementary with the digital certificate of system, thereby can realize exactly the fail safe of system has been controlled in the division of the reliability rating of using effectively.
In another preferred embodiment of the present invention; Concrete, as shown in Figure 3, processing unit 206 comprises: judge module 3062; Be used for when said System Privileges is the authority of said control authority tabulation, judging whether to exist the applying control strategy that is used for said System Privileges; Processing module 3064 is used for when existence is used for the applying control strategy of said System Privileges, judges whether to allow said application to use said System Privileges according to said applying control strategy.In above-mentioned preferred embodiment; When existence is used for the applying control strategy of System Privileges; Use existing applying control strategy to judge whether to allow to use the using system authority; And do not need to obtain new applying control strategy alternately with the user extraly, saved operating process, improved the efficient that method of controlling security is carried out; In addition, when not having the applying control strategy that is used for System Privileges, select current applying control strategy, increased the flexibility of security control through the user.
Preferably, the said user authority of carrying out select including, but not limited to: allow, refusal.On the basis of the foregoing description, after the applying control strategy that receives user's input, the result that said user is selected for this authority is converted into the applying control strategy that is used for said System Privileges, and in system log (SYSLOG), preserves applying control strategy.
In another preferred embodiment of the present invention, said authority comprise following one of at least: type authority of paying, individual privacy information class authority, equipment connect a type authority.In this preferred embodiment, through qualification to authority, can be so that the method for controlling security that the present invention protected goes for different scene.
The enforcement of above-mentioned each optimal technical scheme; Can effectively carry out classification based on reliability rating to the application on the portable terminal; And come using and managing of control authority according to the classification of reliability rating; Customizable that realization is controlled the authority on the portable terminal and dynamic adjustment are effectively managed control to the security threat behavior that the application on the portable terminal possibly exist, and guarantee the fail safe of portable terminal.
Embodiment 3
For technical scheme of the present invention better is described, the present invention is that example comes further the present invention to be made an explanation with the mobile phone safety control system, but it should be noted that; Mobile phone is a kind of preferred embodiment as portable terminal; The preferred embodiment just limits the present invention in order better to describe the present invention, not constitute improperly, as; It can also be PDA portable terminals such as (Persoal Digital Assistant, palmtop PCs).
Fig. 4 is a kind of preferred principle schematic of the method for controlling security of embodiment of the invention portable terminal, can at first load and resolve the control strategy configuration file that presets during system initialization, generates the control authority strategy according to the result who resolves then.System boot scanning preset use and carry out that the third party uses download and install the time; The reliability rating authentication module (for example; Authentication ' unit 316 among Fig. 3) can accomplish authentication processing to the application reliability rating, and the affiliated reliability rating attribute that is applied thus.When monitoring application use mobile phone sensitivity authority; The handling process of meeting access entitlements use and management module; Said authority use and management module is through working final management and the controlled function that authority is used of accomplishing with reliability rating authentication module and authority usage policy module cooperative.
In the present embodiment, the job step of mobile phone safety control system is as shown in Figure 4, specifically comprises:
S402: the reliability rating authentication module carries out the authentication of application trust grade, and the reliability rating attribute that is applied thus.
Preferably, when application of start scanning for the first time or installation application, the reliability rating authentication module carries out the reliability rating authentication to application, and the reliability rating attribute that is applied thus.
S404: whether authority use and management module uses the responsive authority of mobile phone to detect to using.
Preferably; When authority use and management module detects application use mobile phone sensitivity authority; Use the authority that relates to the user charges class (comprise send message, call, online etc.), user privacy information class authority (comprising Message Record, contact person record, message registration etc.), the local type authority that connects of cell phone apparatus when (comprising WIFI connection, bluetooth connection etc.) like said application, enter into authority use and management module and manage.
S406: authority use and management module is obtained the reliability rating attribute of said application through the reliability rating authentication module.
S408: authority use and management module obtains the specific strategy that this application permission is controlled according to the reliability rating attribute of said application from authority usage policy module, carries out rights management.
S410:, response is made in the behavior of using rights of using according to the concrete control strategy that obtains.
Preferably, said the behavior of using rights of using is made that response comprises but one of any below not limiting to: 1) directly accept; 2) directly refuse; 3) prompting user.
Under the situation of response forms, can use to select dynamically to preserve according to user's authority and upgrade corresponding application controls for prompting.
Embodiment 4
For technical scheme of the present invention better is described; The present invention is that example comes further the present invention to be made an explanation with the mobile phone safety control system; But it should be noted that; Just as a kind of preferred embodiment of portable terminal, the preferred embodiment just limits the present invention in order better to describe the present invention, not constitute mobile phone improperly.
Can at first load and resolve the control strategy configuration file that presets during system initialization, generate the control authority strategy according to the result who resolves then.System boot scanning preset use and carry out that the third party uses download and install the time, can accomplish using the authentication processing of reliability rating, and the affiliated reliability rating attribute that is applied thus.When monitoring application use mobile phone sensitivity authority; The handling process of meeting access entitlements use and management module; Said authority use and management module is through working final management and the controlled function that authority is used of accomplishing with reliability rating authentication module and authority usage policy module cooperative.
Preferably, Fig. 5 is preferred embodiment of the present invention application trust grade identifying procedure figure, specifically comprises the steps:
Step S502 carries out application scanning or during the installation of newly using, separates press operation to using bag, and accomplish using the dissection process of package informatin in start.
Step S504, extracts the signing messages data of application, and notes using the result of bag dissection process according to step S502.
Step S506, the PKI file that application signature information that step S504 is obtained and mobile phone preset digital certificate carries out authentication processing, if execution in step S508, otherwise execution in step S510 are passed through in authentication.
Step S508 gives the pairing reliability rating of digital certificate that authentication is passed through, and preferred, said reliability rating comprises " manufacturer's reliability rating ", " operator's reliability rating ", " third party's cooperation manufacturer reliability rating " etc.; Then, execution in step S512.
Step S510 is if the equal authentification failure of all digital certificates that application signature and mobile phone preset is then given this application " trustless grade ".
Step S512, the application trust grade that authentication is obtained records in the attribute configuration file of using correspondence, treats as a normality attribute of using.
To S512, accomplish support and checking through above step S502, make different application have different reliability rating attributes, reach using the effect that authority is carried out effective Classification Management and control to the reliability rating of mobile phone application software.
Preferably, Fig. 6 is the flow chart that generates control strategy in the method for controlling security of portable terminal of the present invention, comprising:
Step S602 during initialization, at first can load the control strategy configuration file that preset at the system directory of appointment during system boot, and preferred, this control strategy configuration file can be system default control strategy configuration file.
Step S604 carries out the dissection process of control strategy configuration file, classifies by reliability rating and resolves the permissions list that obtains the required control of each reliability rating.
Step S606, the permissions list of the required control of each reliability rating that parsing is obtained records in the internal storage data structure, forms control strategy.
Preferably, Fig. 7 is an applying control strategy flow chart in the mobile phone method of controlling security of the present invention, comprises the steps:
Step S702 when monitoring when using the responsive authority of the system that uses, gets into step S704.
Step S704 gets access to the reliability rating attribute of application, and judges whether this authority belongs to the authority of the required control of said control strategy (for example, system default control authority); If do not belong to, execution in step S706 then is if belong to execution in step S708.
Step S706 ignores the authority of the required control of non-control strategy and uses.
Step S708, the applying control strategy that judges whether to exist this authority to use, if the words execution in step S710 that exists, if there is not then execution in step S712.
There has been the applying control strategy of this authority in step S710, does not process.
Step S712, the prompting user selects the application corresponding control strategy to this authority, and waits for and receive the applying control strategy that the user selects.
Step S714, record/renewal user is for the applying control strategy of this application permission.
Preferably, Fig. 8 is the process chart of application permission control and management in the method for controlling security of portable terminal of the present invention, comprises the steps:
Step S802 when monitoring when using the responsive authority of the system that uses, gets into step S804.
Step S804 judges whether this authority belongs to the authority of required control in the control strategy (for example, judging whether to belong to the system default control authority); If do not belong to, execution in step S806 then, if belong to, execution in step S808 then.
Step S806 because authority is the authority of the required control of non-control strategy, therefore directly lets pass to the use of this authority,, allows to use the above-mentioned authority of use that is.
Step S808, the applying control strategy that judges whether to exist this authority to use, if the words execution in step S810 that exists, if there is not then execution in step S812.
Step S810 obtains the applying control strategy record of this authority, and carries out the control and management of authority according to control strategy.
Step S812; Because current authority does not also have corresponding applying control strategy record, therefore, eject prompting frame and remind the current system of user that responsive authority is used; Hang up current work disposal flow process simultaneously, and etc. receive the further selection that the user uses for this authority.
Step S814 receives the usage policy of user for this authority, execution in step S816 and step S818.
Step S816, with the user for the use of this authority select (allow this/refusal this/always allow/refusal always) be converted into the applying control strategy that authority is used, preserve the applying control strategy record value that writes down with update system.
Step S818 carries out the control and management that authority is used according to user's selection.
The enforcement of above-mentioned optimal technical scheme; Can effectively carry out classification based on reliability rating to the mobile phone terminal applies; And carry out the Classification Management that crucial authority is used according to the application trust grade separation; Being mainly reflected in can be to manufacturer and/or user's different demand for control, comes the customizable of terminal key control of authority and dynamic adjustment.The user can realize under the support of present technique scheme the management of the responsive bundle of permissions of mobile phone terminal key and control purpose easily; Control is managed in the security threat behavior that can effectively possibly exist the mobile phone terminal applies, effectively guarantees the fail safe of mobile phone terminal.
Embodiment 5
Following content is based on the concrete application implementation example of mobile phone method of controlling security of the present invention.Here realize the easiest on the intelligent mobile phone terminal by malicious intrusions and the management controlled function that needs most the responsive bundle of permissions of focused protection; The concrete bundle of permissions of control that realizes comprises: the class of a paying bundle of permissions (comprise and send message, calling, network traffics access control right), individual privacy information class bundle of permissions (comprising the access contacts record, Message Record, cell phone apparatus information, geographical location information), the local type bundle of permissions (comprising that wifi connection, bluetooth connect) that connects.
What need to specify is, the authority that following examples are all used with " untrusted application trust grade " is used and is controlled to be example and describes, and application permission uses under other reliability rating control principle and handling process all are consistent, just repeat no more here.
Present embodiment is based on following scene: type bundle of permissions of paying is used a control and management.
1) control strategy is set, will sends message, calling, the network traffics visit joins " untrusted application trust grade " needs in the control authority.
2) control strategy of generation paying type authority is as shown in Figure 9, comprises the steps:
Step S902 during initialization, at first can load the control strategy configuration file that preset at the system directory of appointment during system boot.
Step S904 carries out the dissection process of control strategy configuration file, resolves to obtain " insincere reliability rating " paying class permissions list of required control down.
Step S906, the paying class permissions list that parsing is obtained required control records in the internal storage data, forms control strategy (for example, system default control strategy).
3) the use control and management of paying type authority, shown in figure 10, concrete handling process is following:
Step S1002 uses when paying type authority execution in step S1004 when monitoring to use.
Step S1004 obtains and uses affiliated reliability rating, compares with control authority tabulation under this reliability rating.
Step S1006 judges whether this authority belongs to the authority of the required control of definition in type control of authority strategy of paying, if the words execution in step S1008 that does not belong to, if the words execution in step S1010 that belongs to.
Step S1008 because authority is the authority of the required control of non-control strategy, therefore directly lets pass to the use of this authority.
Step S1010, the applying control strategy that judges whether to exist this paying authority to use, if the words execution in step S1012 that exists, if there is not then execution in step S1014.
Step S1012 obtains the applying control strategy record of this paying authority, and carries out the control and management of authority according to control strategy.
Step S1014, because current authority does not also have corresponding applying control strategy record, therefore, system can eject prompting frame and remind the user, hangs up current work disposal flow process simultaneously, and waits and receive the further selection of user for this paying authority use.
Step S1016 receives the usage policy of user for this paying authority, execution in step 1018 and step S1020.
Step S1018, with the user for the use of this paying authority select (allow this/refusal this/always allow/refusal always) be converted into the applying control strategy that authority is used, preserve the applying control strategy record value that writes down with update system.
Step S1020 uses this paying authority according to user's selection to respond.
The enforcement of above-mentioned paying safety management technology scheme; The user can well be according to the reliability rating attribute of using; Classification control and managing mobile phone terminal applies can come adjustment flexibly to use the use control strategy to the class authority of paying with scene according to user's actual user demand to the use of type authority of paying (send message, call, network traffics visit etc.).Under the support of present technique scheme; The user can realize the purpose to management of mobile phone terminal payment class bundle of permissions and control easily; Can effectively prevent mobile phone terminal payment class authority by the security threat behavior of malice infringement, thereby effectively guarantee the pay fail safe of type authority of mobile phone terminal.
Embodiment 6
Present embodiment is based on following scene: individual privacy information class bundle of permissions is used control and management.
1) control strategy is set, authorities such as access message record, contact person record, message registration, individual geographical location information are joined " untrusted application trust grade " to be needed in the control authority.
2) control strategy of generation individual privacy information class authority, shown in figure 11, idiographic flow is following:
Step S1102 during initialization, at first can load the control strategy configuration file that preset at the system directory of appointment during system boot.
Step S1104 carries out the dissection process of control strategy configuration file, resolves to obtain " trustless grade " individual privacy information class permissions list of required control down.
Step S1106, the individual privacy information list of access rights that parsing is obtained records in the internal storage data structure, forms control strategy.
3) the use control and management of individual privacy information class authority is shown in figure 12, and concrete handling process is following:
Step S1202 uses when using the individual privacy information authority execution in step S1204 when monitoring.
Step S1204 obtains and uses affiliated reliability rating, compares with control authority tabulation under this reliability rating.
Step S1206 judges whether this authority belongs to the authority of the required control of definition in the individual privacy information class control of authority strategy, if the words execution in step S1208 that does not belong to, if the words execution in step S1210 that belongs to.
Step S1208 because authority is the authority of the required control of non-control strategy, therefore directly lets pass to the use of this authority,, allows to use the above-mentioned authority of use that is.
Step S1210, the applying control strategy that judges whether to exist this individual privacy information authority to use, if the words execution in step S1212 that exists, if there is not then execution in step S1214.
Step S1212 obtains the applying control strategy record of this individual privacy information authority, and carries out the control and management of authority according to control strategy.
Step S1214; Because current authority does not also have corresponding applying control strategy record, therefore, system can eject prompting frame and remind the user; Hang up current work disposal flow process simultaneously, and etc. receive the further selection that the user uses for this individual privacy information authority.
Step S1216 receives the usage policy of user for this paying authority, execution in step S1218 and step S1220.
Step S1218, with the user for the use of this individual privacy information authority select (allow this/refusal this/always allow/refusal always) be converted into the applying control strategy that authority is used, preserve the applying control strategy record value that writes down with update system.
Step S1220 carries out the control and management that the individual privacy information authority is used according to user's selection.
The enforcement of above-mentioned individual privacy information safety management technology scheme; The user can well be according to the reliability rating of using; Classification control and managing mobile phone terminal applies can come adjustment flexibly to use the use control strategy to individual privacy information class authority according to user's actual user demand and scene to the use of individual privacy information class authority (access message record, contact person record, message registration etc.).Under the support of present technique scheme; The user can realize the purpose to class rights management of mobile phone terminal individual privacy information and control easily; Can effectively prevent mobile phone terminal individual privacy information class authority by the security threat behavior of malice infringement, thereby effectively guarantee the fail safe of mobile phone terminal individual privacy information authority.
Embodiment 7
Present embodiment is based on following scene: equipment connects type bundle of permissions and uses a control and management.
1) control strategy is set, will use authorities such as bluetooth connection, wifi connection to join " untrusted application trust grade " needs in the control authority
2) generate the local control strategy that connects type authority, shown in figure 13, idiographic flow is following:
Step S1302 during initialization, at first can load the control strategy configuration file that preset at the system directory of appointment during system boot.
Step S1304 carries out the dissection process of control strategy configuration file, resolves to obtain " trustless grade " and connect a type permissions list in this locality of required control down.
Step S1306, this locality connection permissions list that parsing is obtained records in the internal storage data structure, forms control strategy.
3) the local use control and management that connects type authority, shown in figure 14, concrete handling process is following:
Step S1402, when monitor use use local when connecting authority, execution in step S1404.
Step S1404 obtains and uses affiliated reliability rating, compares with control authority tabulation under this reliability rating.
Step S1406 judges whether this authority belongs to the local authority that connects the required control of definition in type control of authority strategy, if the words execution in step S1408 that does not belong to, if the words execution in step S1410 that belongs to.
Step S1408 because authority is the authority of the required control of non-control strategy, therefore directly lets pass to the use of this authority,, allows to use the above-mentioned authority of use that is.
Step S1410 judges whether to exist this local applying control strategy that connects the authority use, if the words execution in step S1412 that exists, if there is not then execution in step S1414.
Step S1412 obtains this local applying control strategy record that connects authority, and carries out the control and management of authority according to control strategy.
Step S1414; Because current authority does not also have corresponding applying control strategy record, therefore, eject prompting frame and remind the current system of user that responsive authority is used; Hang up current work disposal flow process simultaneously, and etc. receive the user and connect the further selection that authority is used for this this locality.
Step S1416 receives the usage policy of user for this this locality connection authority, execution in step S1418 and step S1420.
Step S1418 is converted into the applying control strategy that authority is used, the applying control strategy record value that preservation and update system write down with the user for the use selection (allowing this/refuse this/always allow/always refuse) that this this locality connects authority.
Step S1420 carries out the local control and management that authority is used that connects according to user's selection.
The enforcement of above-mentioned dispensing apparatus attachment security administrative skill scheme; The user can well be according to the reliability rating of using; Classification control and managing mobile phone terminal applies connect type use of authority (wifi connection, bluetooth connection etc.) to equipment, can come adjustment flexibly to use the use control strategy to equipment type of connection authority with scene according to user's actual user demand.Under the support of present technique scheme; The user can realize the mobile phone terminal equipment is connected the purpose of type bundle of permissions management and control easily; Can effectively prevent the mobile phone terminal equipment is connected type authority by the security threat behavior of malice infringement, thereby guarantee that effectively mobile phone terminal equipment connects the fail safe of type authority.
Obviously, it is apparent to those skilled in the art that above-mentioned each module of the present invention or each step can realize with the general calculation device; They can concentrate on the single calculation element; Perhaps be distributed on the network that a plurality of calculation element forms, alternatively, they can be realized with the executable program code of calculation element; Thereby; Can they be stored in the storage device and carry out, and in some cases, can carry out step shown or that describe with the order that is different from here by calculation element; Perhaps they are made into each integrated circuit modules respectively, perhaps a plurality of modules in them or step are made into the single integrated circuit module and realize.Like this, the present invention is not restricted to any specific hardware and software combination.
The above is merely the preferred embodiments of the present invention, is not limited to the present invention, and for a person skilled in the art, the present invention can have various changes and variation.All within spirit of the present invention and principle, any modification of being done, be equal to replacement, improvement etc., all should be included within protection scope of the present invention.